Logs & ban user multiple failed logins with fail2ban

[lukaspavelka]

Hello my startup of this gr8 ftp looks like this:

docker run -d --name ftpd_server -p 21:21 -p 30000-30009:30000-30009 -e "ADDED_FLAGS=--tls=2" -e "PUBLICHOST=92.200.9.222" -e "ADDED_FLAGS=-d -d" -e "ADDED_FLAGS=-O w3c:/home/docker/pureftpd/pure-ftpd/log/transfer.log" -v /home/data/ftp/:/home/ftpusers/ -v /home/docker/pureftpd/pure-ftpd:/etc/pure-ftpd stilliard/pure-ftpd

I can see Logs in: /home/docker/pureftpd/pure-ftpd/log/transfer.log but this is only transfer logs, what i want also see who is trying connect on FTP with wrong login and password so i can ban him if he do it multiple times with fail2ban.

Please what do you suggest as best solution?

Thanks for help

[stilliard]

Hi @lukaspavelka I think these will log to /var/log/messages or try using docker logs to view them. Hope this helps.

[lukaspavelka]

There is no file /var/log/messages inside container and also no info in docker logs <container_id> No information who is connecting and trying wrong passwords.

I Think this is big issue with FTP which is exported to public.

[lukaspavelka]

I also try : mkdir -p /var/log/pure-ftpd && ln -sf /dev/stdout /var/log/pure-ftpd/pureftpd.log

but no info from FTP there as well. :(

[stilliard]

Ah I didn't spot this before sorry but in the env flags you're setting the debug logs flag correctly, but then I think overriding it with a 2nd ADDED_FLAGS call. We should clarify this in the docs but you can only pass ADDED_FLAGS once but you can combine them.

Instead of -e "ADDED_FLAGS=-d -d" -e "ADDED_FLAGS=-O w3c:/home/docker/pureftpd/pure-ftpd/log/transfer.log" try: -e "ADDED_FLAGS=-d -d -O w3c:/home/docker/pureftpd/pure-ftpd/log/transfer.log"

[lukaspavelka]

@stilliard Thanks for your hint, it really helped (now i can see logs)

Thanks for your help , i really appreciate it

[stilliard]

Awesome! You're welcome, sorry for the delay before.